April 07, 2025

Is this racket or genius is as genius does?

Enter the Let's Encrypt free TLS certificate service. They publicize their users' certs online. What can possibly go wrong?

Well, by having a central repository of all certs that they issue, they create a shopping list for hackers. I have evidence that this is exactly how it is being used because as soon as I expanded my cert to cover a service endpoint that had previously used a self-signed cert, that endpoint immediately got hit by hackers from all over the world. I can see in the logs that whereas previously only an odd corporate port scanner used to hit it, now it is being hit by everyone and his sister. The only change between before and after was the act of my having expanded the cert.

So, they are either doing this for the purpose of racketeering, in order to force us to buy DigiCert or GlobalSign, or they intentionally create a vector of attack on our infrastructures. You choose the option that you like.

Posted by: LinuxLies at 11:38 AM
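The before/after comparison described in the post can be made measurable from the endpoint's own access log. The following is an added example, not the author's code; it assumes a combined-log-style format, a known time for the certificate change (`CHANGED_AT`), and an equal-length comparison window on both sides (`WINDOW`), and all sample lines are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample data: documentation-range IPs, invented times and paths.
SAMPLE_LOG = """\
198.51.100.99 - - [20/Mar/2025:00:00:00 +0000] "GET / HTTP/1.1" 404 153
192.0.2.10 - - [01/Apr/2025:08:12:01 +0000] "GET / HTTP/1.1" 404 153
192.0.2.10 - - [02/Apr/2025:08:12:03 +0000] "GET / HTTP/1.1" 404 153
198.51.100.7 - - [03/Apr/2025:12:04:30 +0000] "GET / HTTP/1.1" 404 153
203.0.113.5 - - [03/Apr/2025:12:09:11 +0000] "GET /login HTTP/1.1" 404 153
203.0.113.5 - - [04/Apr/2025:01:00:00 +0000] "GET /admin HTTP/1.1" 404 153
192.0.2.10 - - [04/Apr/2025:08:12:02 +0000] "GET / HTTP/1.1" 404 153
truncated or malformed line
"""
CHANGED_AT = datetime(2025, 4, 3, 12, 0, 0, tzinfo=timezone.utc)  # assumed time of the cert change
WINDOW = timedelta(days=3)  # assumed: same span before and after, so counts are comparable
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3}\b')

def parse(log_text):
    """Yield (source_ip, aware_datetime) per well-formed line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # timestamp did not parse
        yield m.group(1), ts

def compare(log_text, changed_at, window):
    """Summarise traffic in [changed_at - window, changed_at + window)."""
    recs = [(ip, ts) for ip, ts in parse(log_text)
            if changed_at - window <= ts < changed_at + window]
    before = [r for r in recs if r[1] < changed_at]
    after = [r for r in recs if r[1] >= changed_at]
    known = {ip for ip, _ in before}
    new_hits = [(ip, ts) for ip, ts in after if ip not in known]
    first_new = min((ts for _, ts in new_hits), default=None)
    return {
        "requests_before": len(before),
        "requests_after": len(after),
        "sources_before": len(known),
        "sources_after": len({ip for ip, _ in after}),
        "new_sources": sorted({ip for ip, _ in new_hits}),
        "seconds_to_first_new_source":
            (first_new - changed_at).total_seconds() if first_new else None,
    }

if __name__ == "__main__":
    print(compare(SAMPLE_LOG, CHANGED_AT, WINDOW))
```

A short delay to the first previously unseen source, together with a jump in distinct sources over equal windows, is the pattern the post describes.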